[OpenID] OpenID and phishing (was Announcing OpenID Authentication 2.0 - Implementor's Draft 11)
chris.messina at gmail.com
Fri Jan 19 21:02:16 UTC 2007
And, beyond that, the problem of human and device accessibility
precludes relying on solely forward-facing technology.
If you're going to tell me I can't use OpenID on my cell phone browser
(yes, it's Blackberry and not using Opera), you're nuts. Mobile and
low-fidelity browsing are on the rise and we have to be sensitive to
figuring out how OpenID will work in the dizzying array of locations
*outside the desktop-based browser* where you can now access the open
web (WII, kiosks, public terminals, iPhones, etc).
And, of course, we have to be just as sensitive as browser makers must
be to human accessibility needs.
I agree and support the sensible attitude that openid must not make
the phishing situation worse; I also must point out that a large
number of people already use the same username and password all over
the place; security or privacy conscious folks such as ourselves
aren't the ones we need to convince or to understand better -- it's
the folks *unlike* us that we need to concern ourselves with.
At the least, I'm thrilled that this conversation is hitting a fever
pitch and even if it was brought up 3 months ago, we're making
On 1/19/07, Jonathan Daugherty <cygnus at janrain.com> wrote:
> # OTOH, I think this religious attitude that says browser plugins are
> # to be avoided at all costs is wrong-headed.
> The attitude is the result of many of us admitting that firefox-using,
> plugin-using users are a minority within a minority and that the "just
> use a plug-in!" push ignores that fact.
> Jonathan Daugherty
> JanRain, Inc.
> irc.freenode.net: cygnus in #openid
> general mailing list
> general at openid.net
Citizen Provocateur &
Open Source Ambassador-at-Large
Cell: 412 225-1051
This email is: [ ] bloggable [X] ask first [ ] private
More information about the general